
Ask Slashdot: Using a Sandbox To Deal With Spambots? 167

Posted by samzenpus
from the go-to-your-room dept.
shellster_dude writes "Slashdot is certainly no stranger to the problem of spam bots. While blocking a spam bot may seem like the best solution, it is likely that the spammer will simply re-register with a different name. While trying to solve this dilemma on my own forums, I had an epiphany. What if, instead of blocking a spam bot, I could mark a spammer, and then hide all their comments from everyone else? The spammer could continue to go their merry way, spamming to their heart's content. When they visit the forum, they see their spam comments correctly placed in the threads, but their comments would only be visible to them. Thus, an effective sandbox which would prevent them from registering a new user once they had been 'blocked.' Are any other Slashdotters familiar with this technique? Does any software currently use this technique?"
This discussion has been archived. No new comments can be posted.

  • by HornWumpus (783565) on Monday August 20, 2012 @03:30PM (#41058429)

    Why is nobody responding?

    • by MightyYar (622222) on Monday August 20, 2012 @03:33PM (#41058471)

      Because it will be trivial for a spammer to check his posts from another account?

      • Because it will be trivial for a spammer to check his posts from another account?

        I remember reading an article on Joel on Software some time ago that talks about this kind of approach. The difference was that instead of only showing those posts to the spammer/troll's account, they were also shown to that poster's /8 or /16 subnet (or something like that). This goes far in solving the problem for multiple accounts (but still fails for proxy servers).

        The downside is that the troll's "local Internet" sees the spam/troll, but the greater Internet doesn't. It always seemed like a good tradeoff to me.

        Wish I could find the article now, but not having any luck.

        • by nschubach (922175)

          If we used addresses assigned by region it would be a great way to advertise locally. ;)

          Seriously though, that (subnet sand-boxing) would be a great method. Especially considering you could then just block whoever it was locally spamming you instead of having to globally filter every spammer.

          • Until you--the legitimate user--were caught in the mess created by your spamming neighbor. There is no absolute solution to spam. Unfortunately the solution that will be put forth eventually will be to "license" computer users. Unfortunately by the time people realize that this didn't solve anything it will be too late and beyond return. The best solution for spam is to employ artificial intelligence. More specifically AI on the level of Watson and beyond. Regrettably computing power on the calib
        • by mdfst13 (664665)

          Subnet blocking works great if the spamster posts himself from his own computer.

          If the spammer instead hires someone and then double checks that person's work, this would fail any time they are on different subnets. At best that makes it less likely that the spammer/contractor relation works out. If the spammer uses a botnet to post, this does the reverse of what you want. It gives the spammer access to the subnets on which the botnet is located, but it shows the spammer that it didn't post for everyone

        • by Goaway (82658)

          Spammers have botnets to do their posting from. No IP-based approach is ever going to work on them, as they have a huge number of IP addresses readily available, and evenly distributed across the address space.

      • by billstewart (78916) on Monday August 20, 2012 @04:46PM (#41059397) Journal

        The really important thing is to make sure Google (and the other search engines and ad services, if you care about them) can't see the spam. That's the real objective of the spammers, and those that bother checking may find that spamming you is less effective in fixing their page ranks.

      • Because it will be trivial for a spammer to check his posts from another account?

        It depends. For example vBulletin has their "Tachy goes to Coventry" option. I did use it in the past but haven't now for several years because all the person has to do, assuming the site is open to the public as my forums are, is log out and view the thread their post is in (or if it's a thread they started and thus just has their post in it, just look at the forum listing they posted in) and they will see their post/thread isn't there. No need for a different user account. What I do with all spammers is BAN

      • by Joce640k (829181)

        Because it will be trivial for a spammer to check his posts from another account?

        Yawn. When hellbanning became widespread the spammers just started creating a new account for every spam session.

        Spammers are *bots* (maybe backed by people in third world countries who'll sit all day reading captchas for $0.10). Any idea of a 'battle of wits' between you and a spammer is just an overactive imagination on your part.

    • Either way, whether you shadow ban them, or ban them outright, the problem is still the same after that.

      You'll still need to keep track of their ip address and other meta-data information to minimize the number of accounts they can create under different names. Also, I think you're overestimating the number of spammers who spam and then who check their spam results after that.

      On my site, I strip out html and even urls, and yet, I still get plenty of spammers wasting cpu cycles trying to insert urls automatic

      • Once you identify them, serve them up a custom post message web page that will do a stupid DOS attack on whatever site is currently being attacked by the B-tards.. That will make their life very interesting.

  • Old Idea (Score:4, Informative)

    by Anonymous Coward on Monday August 20, 2012 @03:31PM (#41058443)

    Old idea that doesn't fix much because spammers change accounts after 1-20 posts anyway.

    • Re:Old Idea (Score:5, Interesting)

      by cpu6502 (1960974) on Monday August 20, 2012 @04:07PM (#41058935)

      I wouldn't say it "doesn't work." I experienced this shadow banning after I mentioned I not only own a Hybrid electric car, but also a diesel car that gets similar mileage (49MPG). Well the environmentalists furiously attacked me for daring to use the word "diesel" in their forum, and the group owner (also anti-diesel) made my posts invisible.

      It took me a few weeks to realize that none of my posts were being responded to. Rather than waste time with another account, I just left the place. So the shadow-ban worked.

      • Re:Old Idea (Score:4, Insightful)

        by timothyf (615594) on Monday August 20, 2012 @04:25PM (#41059145) Homepage

        Feels like apples to oranges a bit. You weren't a spammer, they just disagreed with you and provided a hostile environment for expressing your views, which would discourage any normal person from participating. A spammer probably wouldn't care about the shadow ban if they discovered it and would just create a new account if they felt that the target was valuable enough.

      • by Shoten (260439)

        And it's also not apples and oranges because spammers aren't people...they are bots. They aren't checking to see if their posts are still there, since there's not much they can do about it one way or the other, and it takes up resources (and is hard to program) to do so. The bots just go on their merry way, regardless of what is done. You're better off just whacking the spam or setting things up so that it requires a human to post in the first place.

        • Re:Old Idea (Score:4, Insightful)

          by zieroh (307208) on Monday August 20, 2012 @09:03PM (#41062771)

          And it's also not apples and oranges because spammers aren't people...they are bots.

          That's often true, but not 100%. I have basically two classes of spammer on my own forum. The bots are easy to detect with some clever coding (hint: bots only read HTML) but the human-driven spammers usually get through, only to be quickly banned. The bot attempts outnumber the human attempts by about 100 to 1, but the humans are far more likely to be successful.

          • by EricTheRed (5613)

            I see the same thing in my forums. The captcha gets the spam bots but the mules (humans being paid pittance to spam) still try to get through, strangely they tend to post on a Monday morning.

            What I do to catch them is:
            * moderate the first X posts from any user.
            * don't allow posts from certain countries, usually India, South Korea & China.

            There's no automation on this as it's low volume anyhow but it does work.

        • by gsslay (807818)

          The idea that spambots come back and check what's happened to their forum spam is as ridiculous as thinking they care if their email spam bounces or is blocked. That takes intelligence, something spambots don't have.

          Spambots move on, never looking back, relentlessly spamming regardless. They work to quantity, not quality.

      • by zieroh (307208)

        As a forum owner (for a forum with an entirely different subject matter) your story sounds... unlikely. Extremely one-sided, at best. I get this kind of thing a lot on my own forum -- people who act like asshats (and are usually contrary at the same time) who point the finger at some kind of intolerance on the forum admin / moderators' part. Usually, though, it's not that they mentioned some "unspeakable" word -- it's that they acted like asshats while doing it.

        I'd bet real money that you were an asshat.

    • by gman003 (1693318)

      More precisely, most spammers use an account once. They may make several dozen posts at once (one phpbb bot I saw would post the same thing in every single subforum at once), or they may only make one, but they seem to assume that their account will be banned pretty much after the first infraction.

      Assuming they're using bots, that makes sense. The exception would be human-generated spam, especially that which tries to camouflage as actual discussion, and double-especially if they use multiple accounts to ho

    • by EdIII (1114411)

      It can be very effective. The goal of the spammer is to have their content visible to both users and search engines for as long as possible. If the account gets banned in this way very quickly then the whole operation is without value, especially long term value to any search engines.

      Create as many accounts as you like. If they get banned in the same way, the spammer never accomplishes his goal and has to spend an enormous amount of resources (botnets are not cheap to create) just to get short term visib

      • by Pikoro (844299)

        I just make it so someone has to have at least 2 manually approved comments or posts in order to be able to post automatically. No spam after that that isn't automatically captured. Just gotta clean out the posts every once in a while.

  • by Anonymous Coward on Monday August 20, 2012 @03:31PM (#41058445)

    This comment is used extensively at major media outlets such as the Swedish tabloid "www.aftonbladet.se." Facebook is used to register users.
    When a user is perceived as spamming - or writing opinions that are unwelcome - the user is marked, and simply not displayed to other visitors. But the user himself does not know, and keeps spamming.
    Evil. Pure evil.

  • hellbanning. (Score:5, Informative)

    by Anonymous Coward on Monday August 20, 2012 @03:32PM (#41058455)

    http://en.wikipedia.org/wiki/Hellbanning

    • by unrtst (777550)

      Mod parent up... perfect answer to the question.

    • So it works much like the Phantom Zone. Zod can see us, but can't interact with us. Brilliant!

  • Reddit (Score:5, Informative)

    by cornface (900179) on Monday August 20, 2012 @03:32PM (#41058461)

    Reddit does something like this.

  • Shadow Ban (Score:5, Informative)

    by TubeSteak (669689) on Monday August 20, 2012 @03:33PM (#41058467) Journal

    The practice goes by several other names I can't recall, but I know it as a "shadow ban"
    Basically, you tick a box and nobody but that poster can see their nonsense.

    Some forum software already includes the feature, others require a plugin or a roll-your-own solution.

  • Reddit Does (Score:5, Informative)

    by Stickybombs (1805046) on Monday August 20, 2012 @03:33PM (#41058477)
    Steve Huffman, one of the creators of Reddit, talks about this exact solution during his Udacity class, Web Application Engineering. http://www.udacity.com/overview/Course/cs253/CourseRev/apr2012 [udacity.com] I think it was during week 4 "Whom to Trust," but I don't have links to the exact video. So in short, yes, it has been done effectively in the past, though I believe they wrote their own code to do it.
  • This wouldn't work because spambots don't keep using a single account. If it were that easy spambots would have already been long defeated.

    • by kesuki (321456)

      or you could just blog all the scams you already receive, use weboftrust to flag their site and if you're lucky they will lose their godaddy accounts. it is a lot of work, but that is where weboftrust kicks in by distributed spam detection. once their main c&c gets detected they go down. i used to use spamcop, but i was inundated with spam, and normals can't always tell spam from nonspam however web of trust makes it a little easier for end users to never go to red ring sites.

  • Two Bots (Score:5, Insightful)

    by TheNinjaroach (878876) on Monday August 20, 2012 @03:34PM (#41058489)
    Seems like it would be easy enough to work around with a second bot that checks to make sure spam is getting through.
    • Seems like it would be easy enough to work around with a second bot that checks to make sure spam is getting through.

      So you make the troll visible to all for a few seconds after the troll has posted, or always visible if someone tries to go to the site directly...

      And the troll is visible for longer to anyone visiting the site from the same IP address.

      But most spammers would not really bother with a verification pass. They have new places to spam.

      • by bakes (87194)

        You forgot this one: make all the troll's posts visible to all the other trolls.

  • No. (Score:5, Insightful)

    by ledow (319597) on Monday August 20, 2012 @03:34PM (#41058491) Homepage

    What makes you think that they will stop just because their account doesn't get closed?

    They will not notice the efficacy of their spam, they will just keep signing up and spamming. And you'll play whack-a-mole trying to put all their accounts into sandboxes.

    Just how often does a spammer go back to see if his comment posted or not, or if his email got through? Rarely. Spam works on the basis of mass volume. Put a billion adverts on a billion websites and your sales will increase somehow. And the price of those adverts is next to zero after the first few thousand.

    It won't work, but it will make a lot of hassle for you, from storage to filtering to just plain bandwidth if you have a thousand spammers realising they can auto-sign-up and spam you endlessly.

    It's like running a "honeypot". You'll gather lots of data at great expense and resources. But you won't stop the spam.

    • But you won't stop the spam.

      The idea (not that it's a particularly brilliant one) isn't to inconvenience spammers or to stop them spamming - it's designed to stop users being spammed. Think of it like putting all the mimes in the world on a remote island - they can carry on doing their thing but none of us have to put up with it.

      Hmm. Excuse me, I have some extraordinarily silent renditions to arrange.

      • by jeffmeden (135043)

        But you won't stop the spam.

        The idea (not that it's a particularly brilliant one) isn't to inconvenience spammers or to stop them spamming - it's designed to stop users being spammed. Think of it like putting all the mimes in the world on a remote island - they can carry on doing their thing but none of us have to put up with it.

        Hmm. Excuse me, I have some extraordinarily silent renditions to arrange.

        The idea presumes that the spammer does some sort of follow-up to see if his posts aren't just deleted immediately, who will then decide IF he should post more spam from a different account. The false premise here is that they somehow value checking for old spam more than they do the opportunity to just post more spam.

        The *only* way to stop spammers is to have enough of a profile on how they operate at any given time as to be able to algorithmically track their entire process. Trying to "beat" little piec

        • by F.Ultra (1673484)
          I think that the premise is more along the line that the Spambot notices that he's been targeted because he no longer can log into his account.
      • Spammers spam via botnets/proxies in parallel and accept that part of their spam will never reach human eyes. If you really want to piss off spammers then report them to their hosting providers. Some -- not all, since a spammer pays money while a bitching geek only costs money -- will drop the spamvertized site. This actually costs spammers (or their customers) time and money.
    • Whether it works or not, "Spambot Sandbox" is a great band name.

      • by drkim (1559875)

        Great idea. I can see the marquee now:

        Tonight only!

        Opening act:
        "Spambot Sandbox"

        Feature Attraction:
        "Hell Banned"

    • Once you've decided to ignore a post it's a small step to serve up a slightly different post message web page.

      The spammer version post message page could just ignore the content of the message and only send minimal another spam type data, or could simply delay and fake a successful post page locally in javascript. It could fake being a common virus and hope the spammers ISP kicks him offline as a zombie (I'm thinking having it fire the post repeatedly to a well known botnet cnc server).

    • by tlhIngan (30335)

      Just how often does a spammer go back to see if his comment posted or not, or if his email got through? Rarely. Spam works on the basis of mass volume. Put a billion adverts on a billion websites and your sales will increase somehow. And the price of those adverts is next to zero after the first few thousand.

      Or not.

      Yes, most spammers do it on a mass basis and most don't bother to actually check if it's posted. As far as they care, their spamming tool signs up for an account (rarely, if ever, do they reuse a

    • by coofercat (719737)

      I agree - and for smaller sites with less resources, you're basically encouraging traffic that eats your bandwidth and gives you no benefit in return for it.

      Personally, I manually delete the small amount of spam Mollom doesn't catch, and all links have the nofollow on them. I seriously doubt the spammers are looking to see if their spam posts "work" because if they did, they'd see that I was deleting them fairly quickly and they were getting no pagerank from them anyway.

      The "sandbox" is great if you have lot

  • by guruevi (827432) <evi@NOSpam.smokingcube.be> on Monday August 20, 2012 @03:37PM (#41058539) Homepage

    It would certainly prevent spam temporarily but
    a) the spammer would notice rather quickly if their spam doesn't show up in Google
    b) the spammer could easily defeat the system by simply re-registering with another username
    c) one mistake on implementing the system (eg. allowing users to read 'sandboxed' comments through a link) could maybe hide it from your users but not from the other bots that crawl your site (again Google and security bots) which would then mark your site as spam.

    The problem is that spamming is usually automated so you have to have the end-user jump through hoops in order to defeat them. One of the forums I moderate actually requires a legitimate introduction on the topic of the forum before they are allowed to post in the general forums. Defeats most spammers as it's somewhat of a niche forum and automated spam is immediately recognized and user/ip banned.
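Added example, not part of any comment in this thread and not taken from any forum package: a Python sketch of the shadow ban being discussed, built so that the thread listing, the direct comment link and the comment count all go through one visibility rule, which is the implementation mistake point (c) above warns about. The `Forum`, `Viewer` and `Comment` names, the `is_crawler` flag and the sample data are assumptions made for illustration.

```python
"""Shadow-ban visibility sketch (added example; all names are hypothetical)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class Viewer:
    user_id: Optional[int] = None  # None means logged out
    is_moderator: bool = False
    is_crawler: bool = False       # assumed to be set by the caller's crawler detection


@dataclass(frozen=True)
class Comment:
    comment_id: int
    thread_id: int
    author_id: int
    body: str


class Forum:
    def __init__(self, comments: Iterable[Comment], shadow_banned: Iterable[int]):
        self._comments: Dict[int, Comment] = {c.comment_id: c for c in comments}
        self._shadow_banned: Set[int] = set(shadow_banned)

    def can_see(self, viewer: Viewer, comment: Comment) -> bool:
        """The single visibility rule; every read path below calls it."""
        if comment.author_id not in self._shadow_banned:
            return True
        if viewer.is_crawler:
            return False  # sandboxed text must never reach a search index
        if viewer.is_moderator:
            return True   # moderators still need to review what was hidden
        # Only the marked author sees their own comments; logged-out viewers do not.
        return viewer.user_id is not None and viewer.user_id == comment.author_id

    def thread_view(self, viewer: Viewer, thread_id: int) -> List[Comment]:
        """Comments of one thread, in posting order, as this viewer sees them."""
        ordered = sorted(self._comments.values(), key=lambda c: c.comment_id)
        return [c for c in ordered
                if c.thread_id == thread_id and self.can_see(viewer, c)]

    def permalink_view(self, viewer: Viewer, comment_id: int) -> Optional[Comment]:
        """Direct link to one comment. None means the caller should answer 404,
        the same answer it gives for a comment id that does not exist."""
        comment = self._comments.get(comment_id)
        if comment is None or not self.can_see(viewer, comment):
            return None
        return comment

    def comment_count(self, viewer: Viewer, thread_id: int) -> int:
        """Counter shown in the thread header. Deriving it from thread_view keeps
        the number consistent with what the viewer can actually read."""
        return len(self.thread_view(viewer, thread_id))


def build_sample_forum() -> Forum:
    """Constructed sample data: user 66 has been marked as a spammer."""
    comments = [
        Comment(1, 1, 10, "Has anyone tried the new release?"),
        Comment(2, 1, 66, "Cheap watches at example.invalid"),
        Comment(3, 1, 11, "Yes, works fine here."),
    ]
    return Forum(comments, shadow_banned=[66])


if __name__ == "__main__":
    forum = build_sample_forum()
    viewers = {
        "marked author": Viewer(user_id=66),
        "other member": Viewer(user_id=10),
        "logged out": Viewer(),
        "moderator": Viewer(user_id=1, is_moderator=True),
        "crawler": Viewer(is_crawler=True),
    }
    for name, viewer in viewers.items():
        ids = [c.comment_id for c in forum.thread_view(viewer, 1)]
        direct = forum.permalink_view(viewer, 2) is not None
        print(f"{name:14} thread={ids} count={forum.comment_count(viewer, 1)} "
              f"permalink_to_2={direct}")
```

Feeds, search results and e-mail notifications would need to call the same `can_see` check; any read path that skips it is where sandboxed comments leak to other users or to crawlers.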

  • http://www.codinghorror.com/blog/2011/06/suspension-ban-or-hellban.html

  • vbulletin (Score:3, Funny)

    by scint (555735) on Monday August 20, 2012 @03:39PM (#41058565)
    I'm pretty sure that the vbulletin forum software has this feature. Users can be tagged by moderators such that all of their posts are invisible to the rest of the community. Members see their own posts. In a spambot situation, I would be cautious about using this approach on account of database growth and system maintenance. ymmv.
  • A decent enough idea to be sure, but it must be carried forward to conclusion. Not only could these be detected by a second bot account, the spammer is still eating up your resources, whether it be disk space or processing cycles to detect viewing by bot accounts. Even if legit users never see the spam, the spammer half wins by making your system work harder to filter them out.

  • by george14215 (929657) on Monday August 20, 2012 @03:39PM (#41058573)
    What's even funnier is to allow all the people marked as "spammers" to see each other's comments as well. We called this the Secret Garden.
    • by PPH (736903)

      Usenet variant: Some free Usenet sites that have been havens for troublemakers or allow practices like injecting articles with fake paths get blocked from NNTP forwarding by other sites' admins. So pretty soon, posters on these sites see all the garbage they attempt to spam various groups with. But nobody else does.

  • by compro01 (777531) on Monday August 20, 2012 @03:41PM (#41058601)

    Vbulletin implements this with their global ignore (a.k.a. Tachy Goes to Coventry) function.

  • by DrXym (126579) on Monday August 20, 2012 @03:43PM (#41058625)
    Some ways to reduce spam.
    1. Replace the forum's captcha with one of a higher grade, e.g. Recaptcha
    2. Requiring new users to be registered and await activation before being able to post.
    3. Use an extension that taps into NoSpam or similar so that registrants can be flagged by their IP address or email address if they are known spammers.
    4. Use the forum's tools to limit the damage newbies can do even if they slip through this.
    5. Add a simple challenge to the registration page which is necessary for registration to succeed

    For extra points you could probably modify the registration process in all kinds of manners which would confound automated and replay attacks. Chances are that for the average forum it would be sufficient that no script would even bother to defeat it and would simply move onto softer targets.

    • by rho (6063)

      For extra points you could probably modify the registration process in all kinds of manners which would confound automated and replay attacks. Chances are that for the average forum it would be sufficient that no script would even bother to defeat it and would simply move onto softer targets.

      This is the answer, more or less. For small-to-middling forums, reducing spam is pretty easy. A few volunteers to delete the ones that get through suffices for the rest.

      It breaks down to 1) keep out easy drive-by spammers, which means registration with a valid email address and some kind of barrier to detour the smarter bots (ReCaptcha and the like); 2) filter posts through Akismet or similar method; 3) have a community large enough and engaged enough to want to zero out spam posts.

      The third step is the har

    • by SuperKendall (25149) on Monday August 20, 2012 @04:09PM (#41058965)

      Replace the forum's captcha with one of a higher grade, e.g. Recaptcha

      Or eliminate it altogether, since it doesn't help and really pisses off users.

      Requiring new users to be registered and await activation before being able to post.

      Instead of this allow anyone to post right away, but do not allow the first few posts to be seen until they have been verified to be valid by a human. Delegate some of this verification to your most active users.

    • by godel_56 (1287256)

      Some ways to reduce spam.

      1. Replace the forum's captcha with one of a higher grade, e.g. Recaptcha

      ReCaptcha has become so difficult recently that I can't guess half of them. As well as being horribly distorted, many of the newer unknowns seem to be in foreign (non-English) languages, so you can't even guess them from context.

  • There used to be a Web forum product called Beehive (not sure on its status these days) which had this as a feature. A spammer or troll could spew all they wanted to, and if the "worm mode" bit was set, only they could see their postings -- nobody else.

    For a constant troll, I'd say go for it. For a hit and run spammer who really just wants to get stuff on the board and then run off, I'd say don't bother; they won't be back on that account most likely.

  • nope (Score:5, Insightful)

    by Anonymous Coward on Monday August 20, 2012 @03:47PM (#41058673)

    Your post advocates a

    (X) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    (X) No one will be able to find the guy or collect the money
    (X) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (X) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    (X) Armies of worm riddled broadband-connected Windows boxes
    (X) Eternal arms race involved in all filtering approaches
    (X) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    ( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    (X) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (X) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

  • by Minwee (522556) <dcr@neverwhen.org> on Monday August 20, 2012 @03:53PM (#41058745) Homepage

    There's a site called Slashdot [slashdot.org] which allows comments to be rated from 0 to 5. Spam, trolls, and posts like this one will be moderated down to zero and blocked from view by most other users.

    Check it out some time.

    • by Nadaka (224565)

      -1 and up actually. I believe it goes over +5 even if it only displays +5, it seems to offer a buffer against people troll modding because they don't like what you have to say.

    • by Forever Wondering (2506940) on Monday August 20, 2012 @05:32PM (#41060025)
      As I'm sure many people already know, you can also flag the comment and it goes to the site admins. Even when I'm modding, I don't want to burn a modpoint on a spammer. I'd rather mod up a good comment instead. You can flag even if you don't have mod points.

      --

      Recently, there was a spate of spam on slashdot about antivirus software. IIRC, in a single day there were eight instances/variants of the same spam on a single discussion alone [and more on other discussions on the same day]. Different spiels, accounts, AC's.

      Such aggressive spamming can [realistically] only be dealt with by the site itself (e.g. filtering by content). The content trigger was probably easy, as each spam message would feature the product name no less than 10 times.

      I haven't seen the particular spam recently, so I'm guessing something was done about it.

      • Either that or the insufferable douchebags at the MCPC marketing arm finally figured out that Google doesn't crawl the forums here... Fucking twits.

  • From what I understand from a contact of mine who works for a newspaper, their website has this functionality. They told me that when a spammer is blocked or their comment is deleted they are the only ones who don't know. They can keep posting and they think their posts show up, but to the rest of the world they don't exist. Their website's comments appear to be run by a company called Pluck by DemandMedia.
  • by scorp1us (235526) on Monday August 20, 2012 @03:58PM (#41058811) Journal

    Currently:
    Spammers can register and post for free (or sufficiently free due to low captcha cost)

    You propose:
    A way to squelch individual accounts. (Assuming erroneously that it has some cost to them)

    The result:
    Spammers will still continue registering new accounts, because in no way does it affect their cost.

    A better solution: make them fund their account - PayPal with some trivial designated amount - $0.75, correlate it to the paypal address during signup. You've now added real cost and real verification. Hold the money for some time, then reverse it. The likely outcome is they'll start using stolen credit card numbers, or stop.

    • by Nadaka (224565)

      And that means that I will never ever use the forum. I do no business with paypal, at all, ever. They are a shady business with questionable ethics at best.

      • by scorp1us (235526)

        I hear ya. Accept bitcoin then. At least that market is not as shady.

      • by nschubach (922175)

        Hell, if I could get 10 million people to let me borrow a $1 for 6 months... I'd gladly return their money after collecting interest off it.

  • Do like the supermarkets do. Just rearrange everything on the sign up page every couple of weeks or so

  • by dskoll (99328) on Monday August 20, 2012 @04:36PM (#41059285)

    As an analogy, normal banning is like an SMTP server rejecting spam with a 5xx failure code, while your scheme would have the server accept the spam with a 2xx code but throw the message in /dev/null

    Each method has the usual pros and cons: Pretending to accept mail reduces (but does not completely eliminate) feedback to the spammer as to whether or not the message made it through. However, it plays hell with legitimate users; false-positives become much more problematic if there's not feedback.

  • Roll your own, or use Akismet...
  • by systemeng (998953)
    A good use for stupidfilter http://stupidfilter.org/ [stupidfilter.org] perhaps?
  • When I was a forum mod for a large forum some years ago, we had a lot of troll problems and the same guys would keep showing up as sock puppets. A lot of the time it took a while to suss out if someone was for real or one of the persistent trolls.

    So I did come up with an idea to mirror the forum, with idiots and highly suspected idiots able to post all they wanted on the fake mirror, with the non crappy people on the real forum. So what it looked like was that everyone had the trolls on their ignore list,

  • I worked at an anti-spam company a few years. That was one of the things we did. We would send a 250 Ok to a message regardless of if it was accepted or not. If it wasn't accepted the customer had the option of putting it into a quarantine or just not writing it anywhere. I think we also always told suspect bad senders (essentially anyone we haven't seen before or anyone with a non-perfect score in our reputation and various blocklists) that a recipient exists. If things were suspect we'd throttle their con
